ALT-PU-2020-3366-1
Closed vulnerabilities
Published: 2020-11-18
BDU:2021-01024
Уязвимость программной платформы Node.js, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-11-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-8277
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://hackerone.com/reports/1033107
- https://hackerone.com/reports/1033107
- FEDORA-2020-7473744de1
- FEDORA-2020-7473744de1
- FEDORA-2020-307e873389
- FEDORA-2020-307e873389
- FEDORA-2021-ee913722db
- FEDORA-2021-ee913722db
- FEDORA-2021-afed2b904e
- FEDORA-2021-afed2b904e
- https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/
- https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/
- GLSA-202012-11
- GLSA-202012-11
- GLSA-202101-07
- GLSA-202101-07
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html